320 Chapter 17
springing from the incompleteness of the draft standards), writing portable pro-
grams that use ACLs presents some difficulties.
This chapter provides a description of ACLs and a brief tutorial on their use. It
also describes some of the library functions used for manipulating and retrieving
ACLs. We won’t go into detail on all of these functions because there are so many
of them. (For the details, see the manual pages.)17.1 Overview
An ACL is a series of ACL entries, each of which defines the file permissions for an
individual user or group of users (see Figure 17-1).Figure 17-1: An access control listACL entries
Each ACL entry consists of the following parts:z a tag type, which indicates whether this entry applies to a user, to a group, or to
some other category of user;
z an optional tag qualifier, which identifies a specific user or group (i.e., a user ID
or a group ID); and
z a permission set, which specifies the permissions (read, write, and execute) that
are granted by the entry.The tag type has one of the following values:
ACL_USER_OBJ
This entry specifies the permissions granted to the file owner. Each ACL
contains exactly one ACL_USER_OBJ entry. This entry corresponds to the tradi-
tional file owner (user) permissions.
ACL_USER
This entry specifies the permissions granted to the user identified by the
tag qualifier. An ACL may contain zero or more ACL_USER entries, but at
most one ACL_USER entry may be defined for a particular user.Tag type Tag qualifier Permissions
ACL_USER_OBJ - rwxACL_GROUP_OBJ - rwxACL_GROUP 103 -w-
ACL_GROUP 109 --xACL_USER 1007 r--
ACL_USER 1010 rwxACL_MASK - rw-
ACL_OTHER - r--ACL_GROUP 102 r--Corresponds to
traditional owner
(user) permissionsCorresponds to
traditional group
permissionsCorresponds to
traditional other
permissionsGroup
class
entries